Json File Output Options Change
juntaozeng opened this issue
Encountered an error while running the deepfenceio/deepfence_secret_scanner:2.0.0 docker image:
flag provided but not defined: -output-path
Noticed that 2 related json output options were removed in an earlier PR https://github.com/deepfence/SecretScanner/pull/97/files: json-filename and output-path.
However, those options are still being used / referenced in some docs. They should probably be updated so as not to cause confusion.
E.g.
Side note: slightly curious about the reason behind the sudden change removing json output support; I didn't find much explanation / change info in the PR itself.
Hello @juntaozeng,
Thanks for reporting the issue. We removed the flag to make things uniform across all our plugins (https://github.com/deepfence/YaraHunter, https://github.com/deepfence/package-scanner and https://github.com/deepfence/SecretScanner).
The docs are updated to reflect the supported flags in PR #107.
How can I generate a plain json file as output? I run deepfence via docker-compose:
docker-compose.yml
version: "3.6"
services:
  deepfence:
    image: deepfenceio/deepfence_secret_scanner:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./deepfence/:/home/deepfence/output
    entrypoint: /bin/sh -c "/home/deepfence/usr/SecretScanner -config-path /home/deepfence/usr -image-name=${IMAGE} -output=json > output.json"
    command: ""
And even though I don't redirect stderr to the file, I get:
output.json
Initializing....
Scanning image user/repo for secrets...
Scanning image /tmp/Deepfence/SecretScanning/userrepo/save-output.tar for secrets...
summary:
total=0 high=0 medium=0 low=0
{
"Timestamp": "2023-10-11T23:31:17.192741222Z",
"Image Name": "user/repo",
"Image ID": "f28ffd78641197871fea8fd679f2bf8a1cdafa4dc3f1ce3e700ad964aac2879a",
"Container ID": "",
"Secrets": null
}
which can't be parsed as json. Adding the flag -debug-level FATAL also didn't help...
What is the intended usage here?
Hi @timobrembeck, the recommended usage is to execute docker run as shown below. This outputs json to stdout, which can be redirected to a file.
This gets json output to stdout:
docker run -i --rm --name=deepfence-secretscanner \
-v /var/run/docker.sock:/var/run/docker.sock \
deepfenceio/deepfence_secret_scanner:2.0.0 \
-image-name node:8.11 --output json
this redirects json from stdout to file node.json
docker run -i --rm --name=deepfence-secretscanner \
-v /var/run/docker.sock:/var/run/docker.sock \
deepfenceio/deepfence_secret_scanner:2.0.0 \
-image-name node:8.11 --output json > node.json
docker-compose usage is not recommended
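An added example, not part of the original thread or the SecretScanner project: if a captured file still has log lines ahead of the JSON object, as in the output.json quoted above, the report can be recovered before it is handed to a CI gate. The function names and the script name are hypothetical; the sample text and field names are copied from the output posted in the thread.

```python
import json
import sys

# Sample copied from the output.json shown in the thread (log lines, then JSON).
SAMPLE = """Initializing....
Scanning image user/repo for secrets...
Scanning image /tmp/Deepfence/SecretScanning/userrepo/save-output.tar for secrets...
summary:
total=0 high=0 medium=0 low=0
{
"Timestamp": "2023-10-11T23:31:17.192741222Z",
"Image Name": "user/repo",
"Image ID": "f28ffd78641197871fea8fd679f2bf8a1cdafa4dc3f1ce3e700ad964aac2879a",
"Container ID": "",
"Secrets": null
}
"""


def extract_report(text):
    """Return the first JSON object in text that carries a "Secrets" key."""
    decoder = json.JSONDecoder()
    pos = text.find("{")
    while pos != -1:
        try:
            # raw_decode parses one JSON value starting at pos and ignores the rest.
            obj, _end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            obj = None  # a "{" inside a log line, not a JSON document
        if isinstance(obj, dict) and "Secrets" in obj:
            return obj
        pos = text.find("{", pos + 1)
    raise ValueError("no scan report found in scanner output")


def secret_count(report):
    """Number of findings; the sample has "Secrets": null when there are none."""
    return len(report.get("Secrets") or [])


if __name__ == "__main__":
    # Usage (hypothetical script name): python extract_report.py output.json
    raw = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    report = extract_report(raw)
    json.dump(report, sys.stdout, indent=2)
    print()
    sys.exit(1 if secret_count(report) else 0)  # non-zero exit fails a CI step
```

Raising when no report is found, rather than treating it as zero findings, keeps a failed or truncated scan from passing the gate silently.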